Hi,
The primary problem with a DNSSEC indicator is: Where we are going get the
information?
At present I am not aware of any way to tell where an IP address came from
in any of the APIs (Winsock and BSD Sockets) that we are using to look up
servernames.
That seems to indicate that before we can even consider such a feature we
need new APIs from the various Operating System and network driver vendors.
On Thu, 12 Apr 2007 21:09:57 +0200, <michael.mccormick@wellsfargo.com>
wrote:
> http://www.w3.org/mid/8A794A6D6932D146B2949441ECFC9D6802B4D38D@msgswbmnm
> sp17.wellsfargo.com
>> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5
>>
>> DHS (Steve Crocker) and SwedBank (Kjell Rydjer) gave terrific
>> presentations to the FSTC Security Committee today about DNSSEC.
>>
>> One issue SwedBank has run into as DNSSEC rolls out in Sweden
>> (quoting Kjell's presentation): "Will Microsoft and Mozilla
>> implement a DNSSEC indicator in their browsers?"
>>
>> At the committee's request I agreed to pass this question along
>> to the W3C WSC group for your consideration. Any thoughts?
>>
>> My personal opinion is DNSSEC should probably be another input to
>> the agent security context display along with the others we've
>> talked about (e.g., SSL/TLS). There are some practical obstacles
>> to overcome -- for instance the name resolver built into the
>> client OS or browser has to be DNSSEC-capable as a prerequisite
>> for this -- but it seems it ought to be on the roadmap. I
>> believe DNSSEC has more potential benefit if it's visible to end
>> users.
>>
>> >Michael McCormick, CISSP
>> >Lead Architect, Information Security Technology
>> >Wells Fargo Bank
>> >255 Second Avenue South
>> >MAC N9301-01J
>> >Minneapolis MN 55479
>> >*> > 612-667-9227 (desk) * 612-667-7037 (fax)
>> >( 612-590-1437 (cell) :-)
> michael.mccormick@wellsfargo.com (AIM)
>> >* 612-621-1318 (pager) *
> michael.mccormick@wellsfargo.com
>> >
>> >"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF
> WELLS FARGO"
>> >This message may contain confidential and/or privileged information.
> If you are not the addressee or authorized to receive this for the
> addressee, you must not use, copy, disclose, or take any action based on
> this message or any information herein. If you have received this
> message in error, please advise the sender immediately by reply e-mail
> and delete this message. Thank you for your cooperation.
>> >
>
>
>
--
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer Email: yngve@opera.com
Opera Software ASA http://www.opera.com/
Phone: +47 24 16 42 60 Fax: +47 24 16 40 01
********************************************************************